Critical severity9.1NVD Advisory· Published Mar 5, 2026· Updated Apr 15, 2026
CVE-2026-2418
CVE-2026-2418
Description
The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as admin) by simply knowing the email
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=1.0.2.0
Patches
Vulnerability mechanics
References
1News mentions
1- ⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and MoreThe Hacker News · Jun 22, 2026